You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The problem:
when passing a user in the expanded, the profile visibility is not being taken into account. As a result, we are exposing users' profiles even if they configured it as hidden.
Known places where this is happening (need to check all the places): community members and invitations, share access of a record to users. In these 2 cases, searching for a user, that has profile visibility hidden is not possible (the search is working fine), but in case an invitation/grant already exists and then user changes permission, the user's profile is still exposed (the expanded user is not taking this to account).
In the _read_manymethod, the search permission is being checked, which allows the search for all authenticated users, without checking the visibility of a profile.
Note: users search is working fine, as it checks the permission for search and then for each user of the search result it checks for the read permission. User read method is also fine as it also checks for the read permission.
Steps of action:
Evaluate all the places where this read_many method is used (this is the RecordService class method, so in a lot of places) in the UI and in the REST API
Fix the read permission
Provide a solution for all those places to not expose the user's profile (how it will look like in the UI, what will we return in the api responses).
For the community members and invitations and share access of a record to users --> was discussed to still show some information of a user to the community/record owner, despite for hidden profile visibility. This is because the owner must know who has access to his records and communities.
To ensure that the user, who is trying to hide his profile, knows that he will still be seen in some cases, list the consequences in the profile update page (to be discussed on how this looks like)
The text was updated successfully, but these errors were encountered:
The problem:
when passing a user in the
expanded
, the profile visibility is not being taken into account. As a result, we are exposing users' profiles even if they configured it ashidden
.Known places where this is happening (need to check all the places): community members and invitations, share access of a record to users. In these 2 cases, searching for a user, that has profile visibility hidden is not possible (the search is working fine), but in case an invitation/grant already exists and then user changes permission, the user's profile is still exposed (the
expanded
user is not taking this to account).In the
_read_many
method, thesearch
permission is being checked, which allows the search for all authenticated users, without checking the visibility of a profile.Note: users
search
is working fine, as it checks the permission forsearch
and then for each user of the search result it checks for theread
permission. Userread
method is also fine as it also checks for the read permission.Steps of action:
read_many
method is used (this is theRecordService
class method, so in a lot of places) in the UI and in the REST APITo ensure that the user, who is trying to hide his profile, knows that he will still be seen in some cases, list the consequences in the profile update page (to be discussed on how this looks like)
The text was updated successfully, but these errors were encountered: